- Timestamp:
- Aug 21, 2010, 4:03:13 AM (14 years ago)
- File:
-
- 1 edited
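--- a/trunk/server/common/oursrc/accountadm/admof.c	r1600
+++ b/trunk/server/common/oursrc/accountadm/admof.c	r1601
@@ -96,4 +96,46 @@
 }
 
+/* Resolve a Kerberos principal to a name usable by the AFS PTS. */
+void
+resolve_principal(const char *name, const char *cell, char *user)
+{
+/* Figure out the cell's realm. */
+krb5_context context;
+krb5_init_context(&context);
+
+char **realm_list;
+if (krb5_get_host_realm(context, cell, &realm_list) != 0 ||
+realm_list[0] == NULL)
+die("internal error: krb5_get_host_realm failed");
+
+/* Convert the Kerberos 5 principal into a (Kerberos IV-style) AFS
+name, omitting the realm if it equals the cell's realm. */
+krb5_principal principal;
+if (krb5_parse_name(context, name, &principal) != 0)
+die("internal error: krb5_parse_name failed");
+char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
+if (krb5_524_conv_principal(context, principal, pname, pinst, prealm) != 0)
+die("internal error: krb5_524_conv_principal failed\n");
+if (kname_unparse(user, pname, pinst,
+strcmp(prealm, realm_list[0]) == 0 ? NULL : prealm) != 0)
+die("internal error: kname_unparse failed\n");
+
+krb5_free_principal(context, principal);
+krb5_free_host_realm(context, realm_list);
+krb5_free_context(context);
+
+/* Instead of canonicalizing the name as below, we just use
+strcasecmp above. */
+#if 0
+afs_int32 id;
+if (pr_SNameToId((char *)user, &id) != 0)
+die("bad principal\n");
+if (id == ANONYMOUSID)
+die("anonymous\n");
+if (pr_SIdToName(id, user) != 0)
+die("internal error: pr_SIdToName failed\n");
+#endif
+}
+
 int
 main(int argc, const char *argv[])
@@ -186,41 +228,6 @@
 afsconf_Close(configdir);
 
-/* Figure out the cell's realm. */
-krb5_context context;
-krb5_init_context(&context);
-
-char **realm_list;
-if (krb5_get_host_realm(context, cellconfig.hostName[0], &realm_list) != 0 ||
-realm_list[0] == NULL)
-die("internal error: krb5_get_host_realm failed");
-
-/* Convert the Kerberos 5 principal into a (Kerberos IV-style) AFS
-name, omitting the realm if it equals the cell's realm. */
-krb5_principal principal;
-if (krb5_parse_name(context, name, &principal) != 0)
-die("internal error: krb5_parse_name failed");
-char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
-if (krb5_524_conv_principal(context, principal, pname, pinst, prealm) != 0)
-die("internal error: krb5_524_conv_principal failed\n");
 char user[MAX(PR_MAXNAMELEN, MAX_K_NAME_SZ)];
-if (kname_unparse(user, pname, pinst,
-strcmp(prealm, realm_list[0]) == 0 ? NULL : prealm) != 0)
-die("internal error: kname_unparse failed\n");
-
-krb5_free_principal(context, principal);
-krb5_free_host_realm(context, realm_list);
-krb5_free_context(context);
-
-/* Instead of canonicalizing the name as below, we just use
-strcasecmp above. */
-#if 0
-afs_int32 id;
-if (pr_SNameToId((char *)user, &id) != 0)
-die("bad principal\n");
-if (id == ANONYMOUSID)
-die("anonymous\n");
-if (pr_SIdToName(id, user) != 0)
-die("internal error: pr_SIdToName failed\n");
-#endif
+resolve_principal(name, cellconfig.hostName[0], user);
 
 /* Read the locker ACL. */
@@ -250,4 +257,5 @@
 char sysadmins[] = SYSADMINS, sysadmin_cell[] = SYSADMIN_CELL;
 if (pr_Initialize(secLevel, (char *)AFSDIR_CLIENT_ETC_DIRPATH, sysadmin_cell) == 0) {
+resolve_principal(name, sysadmin_cell, user);
 if (ismember(user, sysadmins)) {
 openlog("admof", 0, LOG_AUTHPRIV);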
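Review bot: In the new `resolve_principal`, the return value of `krb5_init_context(&context)` is ignored, so a failed initialisation leaves `context` indeterminate when it is passed to `krb5_get_host_realm`; because the resolved name now feeds the `ismember` authorization checks for two cells, guard it with `if (krb5_init_context(&context) != 0) die("internal error: krb5_init_context failed");`. The function also writes into `user` with no length parameter, so its header comment should state the contract, presumably `/* user must hold at least MAX_K_NAME_SZ bytes. */` as the caller's declaration suggests. In the third hunk the second call overwrites `user` in place; if code after that block (outside the visible lines) still expects the locker-cell form of the name, a separate buffer for the sysadmin-cell result would be safer. The moved comment "we just use strcasecmp above" no longer has a referent inside the function, which only calls `strcmp` on the realm, so it should say where the case-insensitive comparison actually happens.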